Setting a challenge ...

In my early days exploring network security from a teaching perspective, a colleague and I were interested in an application that could do a 'man in the middle' attack. Another member of our department was very interested in what we were up to and bravely made the statement ... you can't get the data from my computer it won't happen.

Rag to bull, challenge issued.

It did not take too much effort, based on the tools around at the time (which are still very useful), we managed to work out what his firewall was and deduct how it was behaving. With this information, we set up one of our computers to capture everything from an IP address range (we knew how the college addressing scheme worked, so could work out with little effort where their machine was most likely to be), and simply waited.

Within 20 minutes we had harvested a considerable collection of data, which was dumped to a text file.

Our colleague had been in the staff room all this time, with glee we beckoned them over to our computer, showing them all the sites they visited (embarrassing), searches they conducted and a couple of site passwords they had used.*

Credit to them, it was taken in good spirit, recognising that there are some to whom you do not present the challenge.




* Footnote : many sites are more secure now, back then it was a major issue, sadly some still use dated authentication technology

Comments

Popular posts from this blog

Simulation vs emulation vs virtualisation ....

You can't free a fish from water ...

Slow are the wheels that maketh the #Linux NAL ...